AZL-53888

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53888.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-53888

Upstream

CVE-2024-7883

Published

2024-10-31T17:15:14Z

Modified

2026-04-01T05:18:09.163079Z

Summary

CVE-2024-7883 affecting package clang for versions less than 18.1.2-4

Details

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-7883

Affected packages

Azure Linux:3 / clang

Package

Name: clang
Purl: pkg:rpm/azure-linux/clang

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.1.2-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-53888.json"